Sean Connelly · May 31, 2017 28m read
Cogs Library

Cogs Library

Over the next few months I will be releasing a number of open source libraries and tools to the Caché community.

Most of the code has evolved from previous production grade solutions over the years and I am collating it together under a single overarching library package that I am calling Cogs.

17 38
4 1,325

From a browser, an XMLHttpRequest to a CSP page on a different server will obviously hit the CORS security check.

To get around this I can set the Access-Control-Allow-Origin header on that particular CSP class.

However, setting any request headers on the XMLHttpRequest object will trigger a pre-flight OPTIONS request.

This OPTIONS request is not handled by the target CSP page and the Access-Control-Allow-Origin header is never set, triggering a CORS error.

0 3
0 563
Sean Connelly · May 15, 2017 2m read
Security Alerts

Wanna Cry

Most of you should be aware that the Wanna Cry virus is massively infecting un-patched windows machines all around the world. It's particularly affecting the NHS, one of my main clients.

Wanna Cry is one of a line of Viruses that exploit SMBv1 over ports 135 and 445.

A kill switch has been enabled, but this won't protect machines sitting behind http proxies, and there are already reports of new versions without a kill switch.

All windows machines should be isolated and updated a.s.a.p.

3 1
0 680

I'm looking at adding multilingual support to a couple of open source projects I'm working on. The solutions are already developed in CSP so I am not looking for alternative approaches.

I'm wondering what would be the best approach for CSP and separate JavaScript files.

Initially I was wondering if I should bake the default system language text at compile time, or provide the end user with a language selection option at run time.

I came across $$$TEXT reading the docs...

1 20
0 453
Sean Connelly · Apr 27, 2017 7m read
Level up your XDATA

XDATA is used for a whole host of ISC libraries to store things like Zen pages, BPL logic and DTL transformations.

XDATA is the equivalent of XML config files of the JAVA world and JSON config files of the JavaScript / NPM world.

Whilst Atelier looks to shift source code to the disk, XDATA will remain a key component to source control our projects config / meta data.

3 4
0 1,019

WebSockets look to be supported reasonably well in Cache. I have yet to use them in production so I am wondering how well it has worked for other developers.

In particular what happens when the browser does not support WebSockets, or when a firewall blocks the connection.

Have you had to write your own long polling fall-back?

I've read the documentation and found this interesting article...

0 15
0 11,095

On the back of my recent post on writing bug-less code I wanted to raise a few suggestions (to ISC) that would help prevent certain types of bugs at compile time. I've probably missed a few, but these are the main ones in my mind. Please contribute more suggestions.

Btw, these also serve as potential gotchas for new COS developers.

4 24
0 960
Sean Connelly · Apr 12, 2017 5m read
Bug killing development tips

Does anyone NOT use a debugger? I can't remember the last time I did. It's not because I don't dislike them, I just don't need to use them. The main reason for this is because I have a certain development methodology that either produces less bugs, catches them at a unit test level, or makes tracking them down much easier.

Here are my tips...

1. Write your own COS cheat-sheet.

19 17
6 1,381